Docker 1.5 seeks to ease networking, documentation woes

The newest Docker release rolls in IPv6 networking and a comprehensive description of Docker's image format


The latest revision of software containerization solution Docker seeks to address criticisms of the product and process. Version 1.5 of Docker sports new features and upgrades courtesy of what company spokespeople describe as a series of "design sprints," launched by Docker to address both recently raised and longstanding issues.

None of the changes can fix all that purportedly ails Docker, but they constitute a beginning. Docker's 1.5 release has "smashed many long-standing, annoying bugs and merged a few awesome features that both the community and maintainers are excited about," according to an official blog post.

One of those long-standing issues is networking, and among the new features announced is IPv6 support -- the ability to assign IPv6 addresses to containers, to resolve IPv6 addresses from within a container, and to communicate across multiple hosts.

Docker's networking -- even apart from its lack of support for IPv6 -- has been heavily criticized for being too complex and limiting. This has inspired a number of spin-off projects -- including Weave, Flannel/Rudder, Pipework, and others -- that attempt to solve Docker's networking issues in a high-level way. 

None of these networking solutions seems to be the prevalent choice for future work, but David Messina, VP of marketing at Docker, noted in an email that "networking is a major focus of the project," and a number of the vendors mentioned above are "part of [the] recent open design sprint."

Messina also mentioned trust and security as other design-sprint areas. A recent Gartner study found that while Docker containers are on the whole architecturally secure, in the sense of isolating their contents from neighbors, they are less secure administratively. This problem was touched on in the 1.3 release, where signed containers would throw an error (but do no more) if modified. The 1.5 release expands on that idea, but only in a very limited way, with the most prominent new feature being the ability to mark containers as read-only.

Still, there are signs that Docker is attempting to listen to and quell dissatisfaction, especially in the face of pressure from competing projects like CoreOS' App Container system. The company is publishing a full spec for the Docker image format -- something that's been badly needed and which ought to at least partly address criticisms that Docker is too opaque. And a statistics API for containers ought to be welcomed by both devops folks and third parties who produce Docker monitoring solutions.

The controversy around Docker seems to have had little effect on its uptake, not only in enterprises but with software vendors producing certified Docker files for their applications. Joyent announced today that it would be certifying the Node.js image found in the official Docker repository and offering expanded enterprise support for Node.js. It isn't difficult to see how growing demand for the former could generate greater demand for the latter.

Copyright © 2015 IDG Communications, Inc.